[sudo-workers] LDAP SudoOrder max value
Todd C. Miller
Todd.Miller at courtesan.com
Tue Oct 17 12:55:41 MDT 2017
On Tue, 17 Oct 2017 14:54:49 +0200, Daniele Palumbo wrote:
> I am seeking the maximum value that a sudoOrder option defined in LDAP may ta
> ke.
>
> From LDAP definition, seems that there are no limit [2,3].
>
> From sudo ldap.c[1] seems to be a signed double (that on some implementation
> is in example 1.79769^308).
>
> May you please confirm that signed double is the maximum value that
> sudoOrder may take, if not limited by LDAP itself?
You are correct, the order is stored as a signed double. The maximum
value will be machine-dependent but is typically about 1.79769^308
on machines with IEEE floating point, which is practically all
modern machines.
- todd
More information about the sudo-workers
mailing list